GHSA-mcvg-g9wx-v5vx

Опубликовано: 20 сент. 2022

Источник: github

Github: Прошло ревью

CVSS3: 9.6

Описание

Valine code injection vulnerability

Valine was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2022-38545
https://github.com/xCss/Valine/issues/400
https://github.com/xCss/Valine/commit/c40826c5816c98d797a6b1ed8b62bddf73ed4f65
https://github.com/xCss/Valine/releases/tag/v1.5.0

Пакеты

Наименование

valine

npm

Затронутые версииВерсия исправления

< 1.5.0

1.5.0

EPSS

Процентиль: 82%

0.01647

Низкий

9.6 Critical

CVSS3

CVE ID

CVE-2022-38545

Дефекты

CWE-74

CWE-79

Связанные уязвимости

CVE-2022-38545

CVSS3: 9.6

nvd

больше 3 лет назад

Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request.

EPSS

Процентиль: 82%

0.01647

Низкий

9.6 Critical

CVSS3

CVE ID

CVE-2022-38545

Дефекты

CWE-74

CWE-79